
Spectral Fuzzing: Evaluation & Feedback

Abstract: This paper presents an instrumentation framework for assessing and improving fuzzing, a powerful technique to rapidly detect software vulnerabilities. We address the major current limitation of fuzzing techniques, namely the absence of evaluation metrics and the absence of automated quality assessment techniques for fuzzing approaches. We treat the fuzzing process as a signal and show how derived measures like power and entropy can give an insightful perspective on a fuzzing process. We demonstrate how this perspective can be used to compare the efficiency of several fuzzers, derive stopping conditions for a fuzzing process, or help to identify good candidates for input data. We show through the Linux implementation of our instrumentation framework how the approach was successfully used to assess two different fuzzers on real applications. Our instrumentation framework leverages a tainted data approach and uses data lifetime tracing with an underlying tainted data graph structure.

Contributor: Humberto Abdelnur
Submitted on: Wednesday, February 2, 2011 - 7:00:17 AM
Last modification on: Wednesday, February 2, 2022 - 3:51:51 PM
Long-term archiving on: Tuesday, November 6, 2012 - 1:10:39 PM


  • HAL Id: inria-00452015, version 1



Humberto Abdelnur, Radu State, Obes Jorge Lucangeli, Olivier Festor. Spectral Fuzzing: Evaluation & Feedback. [Research Report] RR-7193, INRIA. 2010, pp.40. ⟨inria-00452015⟩


